Seagate's small and home office (SOHO) network attached storage (NAS) products are under attack by a cryptocurrency-mining malware dubbed Miner-C, with claims from researchers that over 70 percent of all Seagate Central NAS devices accessible from the internet have been infected.
According to a report
(PDF warning) published by anti-virus specialist Sophos, the Miner-C malware doesn't actively target Seagate's Central range of NAS devices; rather, a security flaw in the Seagate Central devices makes them susceptible to attack to the point where more than 70 percent of Seagate Central NAS devices accessible from the internet have Miner-C infections present.
The flaw, Sophos claims, comes from the fact that it is impossible to delete the public share and account from the device coupled with the fact that activating remote access - a common usage scenario for a NAS box on a small office or home network - does so for all users including the anonymous public account. The malware looks for this publicly-accessible share and writes copies of itself therein, disguised to look like a traditional Windows folder. The malware doesn't actively run on the NAS itself; rather it sits in the share waiting for someone to accidentally execute what they believe to be a folder, then infects the Windows machine from which the NAS was accessed in order to mine the Monero cryptocurrency.
Sophos has indicated that, at present, there is no way to protect a Seagate Central device from Miner-C infection bar disabling remote access altogether - a step which removes access for both legitimate and illegitimate users. Seagate has not yet issued a statement on Sophos' findings.